Sample viewer

vx.netlux.org/Virus.DOS.Mahon.1368

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:00:50.573975187Z 26 PC: 13744 | Set disk transfer address
2018-12-17T23:00:50.583388428Z 53 PC: 13749 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:50.58457965Z 37 PC: 1375a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:50.585653223Z 71 PC: 13763 | Get current directory
2018-12-17T23:00:50.58933715Z 78 PC: 1376e | Find first file
2018-12-17T23:00:50.595909866Z 61 PC: 1377f | Open file (Filename = '')
2018-12-17T23:00:50.607715002Z 87 PC: 1399f | Get or set file date and time
2018-12-17T23:00:50.609457138Z 63 PC: 1379e | Read file or device (Read 28 bytes on handle 5)
2018-12-17T23:00:50.616110123Z 87 PC: 139b5 | Get or set file date and time
2018-12-17T23:00:50.617894909Z 62 PC: 137f2 | Close file
2018-12-17T23:00:50.631067334Z 79 PC: 1376e | Find next file
2018-12-17T23:00:50.634519518Z 78 PC: 13802 | Find first file
2018-12-17T23:00:50.640119103Z 78 PC: 13880 | Find first file
2018-12-17T23:00:50.645716536Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-17T23:00:50.652809199Z 87 PC: 1399f | Get or set file date and time
2018-12-17T23:00:50.654256668Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:50.661031061Z 66 PC: 139be | Move file pointer
2018-12-17T23:00:50.663434562Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:50.665999776Z 66 PC: 139c7 | Move file pointer
2018-12-17T23:00:50.667323612Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-17T23:00:50.680779266Z 87 PC: 139b5 | Get or set file date and time
2018-12-17T23:00:50.682502287Z 62 PC: 13909 | Close file
2018-12-17T23:00:50.689944904Z 79 PC: 1390d | Find next file
2018-12-17T23:00:50.692584535Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-17T23:00:50.699229783Z 87 PC: 1399f | Get or set file date and time
2018-12-17T23:00:50.700565944Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:50.706721017Z 66 PC: 139be | Move file pointer
2018-12-17T23:00:50.708742207Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:50.711250369Z 66 PC: 139c7 | Move file pointer
2018-12-17T23:00:50.712526739Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-17T23:00:50.72131827Z 87 PC: 139b5 | Get or set file date and time
2018-12-17T23:00:50.72300564Z 62 PC: 13909 | Close file
2018-12-17T23:00:50.730517335Z 79 PC: 1390d | Find next file
2018-12-17T23:00:50.733949303Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-17T23:00:50.740963732Z 87 PC: 1399f | Get or set file date and time
2018-12-17T23:00:50.742686374Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:50.75011128Z 66 PC: 139be | Move file pointer
2018-12-17T23:00:50.752212264Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:50.755109716Z 66 PC: 139c7 | Move file pointer
2018-12-17T23:00:50.770963035Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-17T23:00:50.779383243Z 87 PC: 139b5 | Get or set file date and time
2018-12-17T23:00:50.781005158Z 62 PC: 13909 | Close file
2018-12-17T23:00:50.789632121Z 79 PC: 1390d | Find next file
2018-12-17T23:00:50.792117667Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-17T23:00:50.798350332Z 87 PC: 1399f | Get or set file date and time
2018-12-17T23:00:50.800306328Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:50.80667589Z 66 PC: 139be | Move file pointer
2018-12-17T23:00:50.808133935Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:50.811249423Z 66 PC: 139c7 | Move file pointer
2018-12-17T23:00:50.812524393Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-17T23:00:50.820901513Z 87 PC: 139b5 | Get or set file date and time
2018-12-17T23:00:50.823537265Z 62 PC: 13909 | Close file
2018-12-17T23:00:50.83181358Z 79 PC: 1390d | Find next file
2018-12-17T23:00:50.834261616Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-17T23:00:50.84109397Z 87 PC: 1399f | Get or set file date and time
2018-12-17T23:00:50.842831304Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:50.849491135Z 66 PC: 139be | Move file pointer
2018-12-17T23:00:50.85103227Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:50.853932841Z 66 PC: 139c7 | Move file pointer
2018-12-17T23:00:50.855528783Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-17T23:00:50.869380157Z 87 PC: 139b5 | Get or set file date and time
2018-12-17T23:00:50.871231679Z 62 PC: 13909 | Close file
2018-12-17T23:00:50.878508092Z 79 PC: 1390d | Find next file
2018-12-17T23:00:50.881760265Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-17T23:00:50.888113805Z 87 PC: 1399f | Get or set file date and time
2018-12-17T23:00:50.889517583Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:50.89577588Z 66 PC: 139be | Move file pointer
2018-12-17T23:00:50.896960742Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:50.90009385Z 66 PC: 139c7 | Move file pointer
2018-12-17T23:00:50.90151581Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-17T23:00:50.909807181Z 87 PC: 139b5 | Get or set file date and time
2018-12-17T23:00:50.911211041Z 62 PC: 13909 | Close file
2018-12-17T23:00:50.91868287Z 79 PC: 1390d | Find next file
2018-12-17T23:00:50.921167118Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-17T23:00:50.927388997Z 87 PC: 1399f | Get or set file date and time
2018-12-17T23:00:50.928798826Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:00:50.935489657Z 66 PC: 139be | Move file pointer
2018-12-17T23:00:50.936906604Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:00:50.939561774Z 66 PC: 139c7 | Move file pointer
2018-12-17T23:00:50.941517612Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-17T23:00:50.950010426Z 87 PC: 139b5 | Get or set file date and time
2018-12-17T23:00:50.95204398Z 62 PC: 13909 | Close file
2018-12-17T23:00:50.960387108Z 79 PC: 1390d | Find next file
2018-12-17T23:00:50.963127225Z 59 PC: 13890 | Change current directory
2018-12-17T23:00:50.968307932Z 42 PC: 13918 | Get date
0x13918: cmp dh, 0xa
0x1391b: jne 0x13944
0x1391d: nop
0x1391e: nop
0x1391f: nop
0x13920: cmp dl, 0x12
0x13923: jne 0x13944
0x13925: nop
0x13926: nop
0x13927: nop
0x13928: mov ah, 9
0x1392a: lea dx, word ptr [bp + 0x43b]
0x1392e: int 0x21
0x13930: xor ax, ax
0x13932: int 0x16
0x13934: mov ah, 3
0x13936: mov al, 0xf
0x13938: mov ch, 0
0x1393a: mov cl, 1
0x1393c: mov dh, 0
2018-12-17T23:00:50.9699532Z 37 PC: 1394d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T23:00:50.970768427Z 59 PC: 13955 | Change current directory
2018-12-17T23:00:50.972612667Z 26 PC: 1396b | Set disk transfer address
2018-12-17T23:00:50.973812062Z 76 PC: 136f8 | Terminate with return code (Return code = '76')

{"DateBased":true,"Day":18,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13665,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:41.05255275Z 26 PC: 13744 | Set disk transfer address
2018-12-25T12:38:41.054961543Z 53 PC: 13749 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.056364609Z 37 PC: 1375a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.057657069Z 71 PC: 13763 | Get current directory
2018-12-25T12:38:41.061998104Z 78 PC: 1376e | Find first file
2018-12-25T12:38:41.069228599Z 61 PC: 1377f | Open file (Filename = '')
2018-12-25T12:38:41.077135609Z 87 PC: 1399f | Get or set file date and time
2018-12-25T12:38:41.079179629Z 63 PC: 1379e | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:38:41.086221838Z 87 PC: 139b5 | Get or set file date and time
2018-12-25T12:38:41.08800633Z 62 PC: 137f2 | Close file
2018-12-25T12:38:41.101605585Z 79 PC: 1376e | Find next file (See above)
2018-12-25T12:38:41.105496787Z 78 PC: 13802 | Find first file
2018-12-25T12:38:41.118095259Z 78 PC: 13880 | Find first file
2018-12-25T12:38:41.124492911Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-25T12:38:41.132114342Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.133733347Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:38:41.140763081Z 66 PC: 139be | Move file pointer
2018-12-25T12:38:41.142792758Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:38:41.145604757Z 66 PC: 139c7 | Move file pointer
2018-12-25T12:38:41.147062705Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-25T12:38:41.156882046Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.158043091Z 62 PC: 13909 | Close file
2018-12-25T12:38:41.166566732Z 79 PC: 1390d | Find next file
2018-12-25T12:38:41.169826124Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.177926932Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.179748511Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.18728094Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.191584651Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.194574128Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.196166499Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.205993177Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.207817146Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.21628592Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.22446875Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.231847182Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.233405429Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.241840707Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.243445954Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.246551923Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.248769893Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.25949388Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.261301022Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.270968939Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.274026347Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.286162969Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.287979732Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.295455888Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.297106843Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.300014385Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.301994512Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.311106323Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.31269389Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.322084628Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.324970706Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.332061176Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.334164858Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.341482778Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.342909696Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.346659683Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.348126368Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.357512816Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.359459536Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.367721214Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.370629005Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.37839294Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.380154282Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.387669901Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.389094564Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.392259162Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.394335365Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.406943569Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.409708391Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.418359467Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.421699042Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.430201941Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.432246217Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.439741768Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.442219463Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.445413607Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.446999499Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.457674358Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.459950931Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.468604132Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.472593449Z 59 PC: 13890 | Change current directory
2018-12-25T12:38:41.477947845Z 42 PC: 13918 | Get date
0x13918: cmp dh, 0xa
0x1391b: jne 0x13944
0x1391d: nop
0x1391e: nop
0x1391f: nop
0x13920: cmp dl, 0x12
0x13923: jne 0x13944
0x13925: nop
0x13926: nop
0x13927: nop
0x13928: mov ah, 9
0x1392a: lea dx, word ptr [bp + 0x43b]
0x1392e: int 0x21
0x13930: xor ax, ax
0x13932: int 0x16
0x13934: mov ah, 3
0x13936: mov al, 0xf
0x13938: mov ch, 0
0x1393a: mov cl, 1
0x1393c: mov dh, 0
2018-12-25T12:38:41.480761517Z 9 PC: 13930 | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13665,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:41.218742871Z 26 PC: 13744 | Set disk transfer address
2018-12-25T12:38:41.221086301Z 53 PC: 13749 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.222502803Z 37 PC: 1375a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.223950831Z 71 PC: 13763 | Get current directory
2018-12-25T12:38:41.239143136Z 78 PC: 1376e | Find first file
2018-12-25T12:38:41.245300277Z 61 PC: 1377f | Open file (Filename = '')
2018-12-25T12:38:41.256657835Z 87 PC: 1399f | Get or set file date and time
2018-12-25T12:38:41.259058181Z 63 PC: 1379e | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:38:41.266065402Z 87 PC: 139b5 | Get or set file date and time
2018-12-25T12:38:41.268575412Z 62 PC: 137f2 | Close file
2018-12-25T12:38:41.282709935Z 79 PC: 1376e | Find next file (See above)
2018-12-25T12:38:41.287801624Z 78 PC: 13802 | Find first file
2018-12-25T12:38:41.293858087Z 78 PC: 13880 | Find first file
2018-12-25T12:38:41.299991746Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-25T12:38:41.317155484Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.319335171Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:38:41.325930604Z 66 PC: 139be | Move file pointer
2018-12-25T12:38:41.328584519Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:38:41.331882082Z 66 PC: 139c7 | Move file pointer
2018-12-25T12:38:41.333574463Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-25T12:38:41.342782428Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.344584378Z 62 PC: 13909 | Close file
2018-12-25T12:38:41.353038366Z 79 PC: 1390d | Find next file
2018-12-25T12:38:41.35672859Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.364548445Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.366261315Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.373054663Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.375598061Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.378495145Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.380154913Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.389917602Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.391749003Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.399535387Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.406096954Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.412562283Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.413974097Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.421113123Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.422825278Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.426461314Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.428768955Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.437210674Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.43909214Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.447203842Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.450076137Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.45672304Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.459029069Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.465817074Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.467436374Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.470300806Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.47263632Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.481092492Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.482845203Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.500790444Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.504516405Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.511273478Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.514991407Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.521531493Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.523150683Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.526703292Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.528657049Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.537312094Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.539861592Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.547766319Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.550557709Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.566184607Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.568036039Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.575047135Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.57707546Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.578919886Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.580096421Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.587169608Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.590524506Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.613892738Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.617675613Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.624746194Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.626450789Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.633358629Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.636601094Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.639479543Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.641135656Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.651093005Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.652827053Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.660543036Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.664409083Z 59 PC: 13890 | Change current directory
2018-12-25T12:38:41.668792696Z 42 PC: 13918 | Get date
0x13918: cmp dh, 0xa
0x1391b: jne 0x13944
0x1391d: nop
0x1391e: nop
0x1391f: nop
0x13920: cmp dl, 0x12
0x13923: jne 0x13944
0x13925: nop
0x13926: nop
0x13927: nop
0x13928: mov ah, 9
0x1392a: lea dx, word ptr [bp + 0x43b]
0x1392e: int 0x21
0x13930: xor ax, ax
0x13932: int 0x16
0x13934: mov ah, 3
0x13936: mov al, 0xf
0x13938: mov ch, 0
0x1393a: mov cl, 1
0x1393c: mov dh, 0
2018-12-25T12:38:41.67118654Z 37 PC: 1394d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.673017221Z 59 PC: 13955 | Change current directory
2018-12-25T12:38:41.674947764Z 26 PC: 1396b | Set disk transfer address
2018-12-25T12:38:41.676014908Z 76 PC: 136f8 | Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13665,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:41.249787253Z 26 PC: 13744 | Set disk transfer address
2018-12-25T12:38:41.2534646Z 53 PC: 13749 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.254890845Z 37 PC: 1375a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.257509257Z 71 PC: 13763 | Get current directory
2018-12-25T12:38:41.262386037Z 78 PC: 1376e | Find first file
2018-12-25T12:38:41.268347871Z 61 PC: 1377f | Open file (Filename = '')
2018-12-25T12:38:41.274904278Z 87 PC: 1399f | Get or set file date and time
2018-12-25T12:38:41.277353731Z 63 PC: 1379e | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:38:41.285213072Z 87 PC: 139b5 | Get or set file date and time
2018-12-25T12:38:41.287038861Z 62 PC: 137f2 | Close file
2018-12-25T12:38:41.299833554Z 79 PC: 1376e | Find next file (See above)
2018-12-25T12:38:41.30323457Z 78 PC: 13802 | Find first file
2018-12-25T12:38:41.308928981Z 78 PC: 13880 | Find first file
2018-12-25T12:38:41.315565715Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-25T12:38:41.327387289Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.330517687Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:38:41.35231973Z 66 PC: 139be | Move file pointer
2018-12-25T12:38:41.354803285Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:38:41.357741662Z 66 PC: 139c7 | Move file pointer
2018-12-25T12:38:41.359472071Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-25T12:38:41.36949022Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.371693902Z 62 PC: 13909 | Close file
2018-12-25T12:38:41.379380264Z 79 PC: 1390d | Find next file
2018-12-25T12:38:41.383172772Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.390156873Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.391800353Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.398703365Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.401300169Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.403885197Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.405335144Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.414622144Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.416451024Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.424176214Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.428233221Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.435648393Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.437411191Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.444823249Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.446882651Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.449830542Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.451545964Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.457506993Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.458596133Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.464539168Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.467463627Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.474038259Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.476529907Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.4827956Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.48410742Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.487465861Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.489026537Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.503920828Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.505484376Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.514152155Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.517563838Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.525643674Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.527565682Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.534802448Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.536408036Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.554886319Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.556670153Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.56540504Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.567609202Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.575715453Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.578569472Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.58632282Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.587984091Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.594547323Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.597271849Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.600122057Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.601389943Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.6109478Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.612310543Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.620633512Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.623573575Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.62980688Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.631011007Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.637537681Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.639044135Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.642299252Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.644011146Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.652139822Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.653541552Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.661461762Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.663774331Z 59 PC: 13890 | Change current directory
2018-12-25T12:38:41.667925128Z 42 PC: 13918 | Get date
0x13918: cmp dh, 0xa
0x1391b: jne 0x13944
0x1391d: nop
0x1391e: nop
0x1391f: nop
0x13920: cmp dl, 0x12
0x13923: jne 0x13944
0x13925: nop
0x13926: nop
0x13927: nop
0x13928: mov ah, 9
0x1392a: lea dx, word ptr [bp + 0x43b]
0x1392e: int 0x21
0x13930: xor ax, ax
0x13932: int 0x16
0x13934: mov ah, 3
0x13936: mov al, 0xf
0x13938: mov ch, 0
0x1393a: mov cl, 1
0x1393c: mov dh, 0
2018-12-25T12:38:41.671203636Z 37 PC: 1394d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.672484215Z 59 PC: 13955 | Change current directory
2018-12-25T12:38:41.674520211Z 26 PC: 1396b | Set disk transfer address
2018-12-25T12:38:41.676640278Z 76 PC: 136f8 | Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13665,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:41.452673891Z 26 PC: 13744 | Set disk transfer address
2018-12-25T12:38:41.454673371Z 53 PC: 13749 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.455834791Z 37 PC: 1375a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.457936603Z 71 PC: 13763 | Get current directory
2018-12-25T12:38:41.461718454Z 78 PC: 1376e | Find first file
2018-12-25T12:38:41.467725272Z 61 PC: 1377f | Open file (Filename = '')
2018-12-25T12:38:41.474329749Z 87 PC: 1399f | Get or set file date and time
2018-12-25T12:38:41.476456909Z 63 PC: 1379e | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:38:41.478964279Z 87 PC: 139b5 | Get or set file date and time
2018-12-25T12:38:41.480478795Z 62 PC: 137f2 | Close file
2018-12-25T12:38:41.501620233Z 79 PC: 1376e | Find next file (See above)
2018-12-25T12:38:41.504541726Z 78 PC: 13802 | Find first file
2018-12-25T12:38:41.515416544Z 78 PC: 13880 | Find first file
2018-12-25T12:38:41.525228275Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-25T12:38:41.537414851Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.538825736Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:38:41.547047401Z 66 PC: 139be | Move file pointer
2018-12-25T12:38:41.548504938Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:38:41.551148894Z 66 PC: 139c7 | Move file pointer
2018-12-25T12:38:41.553060799Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-25T12:38:41.56518722Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.566878329Z 62 PC: 13909 | Close file
2018-12-25T12:38:41.588878359Z 79 PC: 1390d | Find next file
2018-12-25T12:38:41.591378739Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.602726035Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.603909668Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.608929112Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.623855681Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.626735176Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.629616448Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.638292604Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.64009406Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.648702189Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.651964635Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.659292772Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.661627642Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.671072351Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.677617049Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.682534355Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.684457241Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.693096024Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.695249979Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.708984041Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.711826941Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.719004714Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.721047491Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.727921136Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.730193571Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.732817239Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.734478194Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.746983212Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.749567286Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.765558041Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.768275454Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.782342642Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.783762196Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.788142312Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.789841849Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.791758775Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.79286914Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.799068177Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.800199165Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.80520477Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.807999989Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.812197674Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.813854021Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.821543459Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.822862175Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.825392523Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.827255825Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.835857784Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.8375696Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.845804336Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.848567343Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.854903814Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.856653953Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.871075066Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.872312158Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.875192001Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.876394314Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.88458662Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.886364963Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.893655991Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.896030377Z 59 PC: 13890 | Change current directory
2018-12-25T12:38:41.900718696Z 42 PC: 13918 | Get date
0x13918: cmp dh, 0xa
0x1391b: jne 0x13944
0x1391d: nop
0x1391e: nop
0x1391f: nop
0x13920: cmp dl, 0x12
0x13923: jne 0x13944
0x13925: nop
0x13926: nop
0x13927: nop
0x13928: mov ah, 9
0x1392a: lea dx, word ptr [bp + 0x43b]
0x1392e: int 0x21
0x13930: xor ax, ax
0x13932: int 0x16
0x13934: mov ah, 3
0x13936: mov al, 0xf
0x13938: mov ch, 0
0x1393a: mov cl, 1
0x1393c: mov dh, 0
2018-12-25T12:38:41.902662984Z 37 PC: 1394d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.903527031Z 59 PC: 13955 | Change current directory
2018-12-25T12:38:41.905583279Z 26 PC: 1396b | Set disk transfer address
2018-12-25T12:38:41.906560599Z 76 PC: 136f8 | Terminate with return code (Return code = '76')

{"DateBased":true,"Day":1,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13665,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:41.574650981Z 26 PC: 13744 | Set disk transfer address
2018-12-25T12:38:41.576738952Z 53 PC: 13749 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.578084488Z 37 PC: 1375a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.579460615Z 71 PC: 13763 | Get current directory
2018-12-25T12:38:41.582776338Z 78 PC: 1376e | Find first file
2018-12-25T12:38:41.59383215Z 61 PC: 1377f | Open file (Filename = '')
2018-12-25T12:38:41.600556211Z 87 PC: 1399f | Get or set file date and time
2018-12-25T12:38:41.601861564Z 63 PC: 1379e | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:38:41.605245503Z 87 PC: 139b5 | Get or set file date and time
2018-12-25T12:38:41.606563693Z 62 PC: 137f2 | Close file
2018-12-25T12:38:41.620924394Z 79 PC: 1376e | Find next file (See above)
2018-12-25T12:38:41.625085033Z 78 PC: 13802 | Find first file
2018-12-25T12:38:41.636224598Z 78 PC: 13880 | Find first file
2018-12-25T12:38:41.6423224Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-25T12:38:41.649959504Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.651963068Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:38:41.65850633Z 66 PC: 139be | Move file pointer
2018-12-25T12:38:41.661648321Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:38:41.664310042Z 66 PC: 139c7 | Move file pointer
2018-12-25T12:38:41.665930277Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-25T12:38:41.674579309Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.677183808Z 62 PC: 13909 | Close file
2018-12-25T12:38:41.684979195Z 79 PC: 1390d | Find next file
2018-12-25T12:38:41.687918796Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.695222694Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.697006879Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.704008012Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.706303258Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.709129902Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.710723217Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.720385629Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.72207625Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.729989443Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.733860497Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.74165575Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.744043671Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.751291888Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.753580969Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.756610461Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.75993547Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.770125947Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.772098522Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.781546062Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.784558752Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.791579816Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.793902341Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.80083713Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.802411371Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.806282191Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.808209064Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.817624091Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.820074971Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.828014944Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.830452196Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.837681153Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.839250838Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.84622696Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.847668942Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.85058352Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.851939075Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.860196089Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.871046023Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.878809545Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.882320019Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.889348952Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.890760886Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.897015856Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.898602864Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.901228428Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.902629813Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.912695997Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.914135343Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.921555319Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.924921123Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.931452897Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.932980515Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.940287928Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.941701386Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.944331635Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.947171133Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.955934027Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.957266523Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.966319795Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.969006071Z 59 PC: 13890 | Change current directory
2018-12-25T12:38:41.97328063Z 42 PC: 13918 | Get date
0x13918: cmp dh, 0xa
0x1391b: jne 0x13944
0x1391d: nop
0x1391e: nop
0x1391f: nop
0x13920: cmp dl, 0x12
0x13923: jne 0x13944
0x13925: nop
0x13926: nop
0x13927: nop
0x13928: mov ah, 9
0x1392a: lea dx, word ptr [bp + 0x43b]
0x1392e: int 0x21
0x13930: xor ax, ax
0x13932: int 0x16
0x13934: mov ah, 3
0x13936: mov al, 0xf
0x13938: mov ch, 0
0x1393a: mov cl, 1
0x1393c: mov dh, 0
2018-12-25T12:38:41.977477086Z 37 PC: 1394d | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.979160059Z 59 PC: 13955 | Change current directory
2018-12-25T12:38:41.981136374Z 26 PC: 1396b | Set disk transfer address
2018-12-25T12:38:41.983228007Z 76 PC: 136f8 | Terminate with return code (Return code = '76')

{"DateBased":true,"Day":18,"Month":10,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":13665,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:38:41.564962107Z 26 PC: 13744 | Set disk transfer address
2018-12-25T12:38:41.568477265Z 53 PC: 13749 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.569875538Z 37 PC: 1375a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:38:41.571533701Z 71 PC: 13763 | Get current directory
2018-12-25T12:38:41.575813238Z 78 PC: 1376e | Find first file
2018-12-25T12:38:41.583359835Z 61 PC: 1377f | Open file (Filename = '')
2018-12-25T12:38:41.591480537Z 87 PC: 1399f | Get or set file date and time
2018-12-25T12:38:41.595478286Z 63 PC: 1379e | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:38:41.599179801Z 87 PC: 139b5 | Get or set file date and time
2018-12-25T12:38:41.600990964Z 62 PC: 137f2 | Close file
2018-12-25T12:38:41.619486472Z 79 PC: 1376e | Find next file (See above)
2018-12-25T12:38:41.62159463Z 78 PC: 13802 | Find first file
2018-12-25T12:38:41.625930611Z 78 PC: 13880 | Find first file
2018-12-25T12:38:41.632934693Z 61 PC: 138a1 | Open file (Filename = '')
2018-12-25T12:38:41.641768728Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.644609098Z 63 PC: 138cb | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:38:41.651837958Z 66 PC: 139be | Move file pointer
2018-12-25T12:38:41.654173505Z 64 PC: 138ef | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:38:41.656427621Z 66 PC: 139c7 | Move file pointer
2018-12-25T12:38:41.658071128Z 64 PC: 13902 | Write file or device (Write 1368 bytes on handle 5)
2018-12-25T12:38:41.665231344Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.666465419Z 62 PC: 13909 | Close file
2018-12-25T12:38:41.672564941Z 79 PC: 1390d | Find next file
2018-12-25T12:38:41.675206888Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.68034483Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.681643447Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.686573254Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.688217251Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.690720278Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.692371186Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.701688505Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.703766671Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.716169123Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.719906937Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.724930308Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.726398982Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.734277544Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.736316483Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.740035177Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.742615018Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.755702221Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.757813389Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.770482229Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.773867121Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.788881276Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.791303286Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.798513728Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.79998395Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.804512441Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.805982815Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.815346963Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.817350405Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.825692284Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.828706899Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.850754124Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.852843891Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.860340797Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.862098625Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.865342242Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.867268088Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.877190576Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.880100427Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.896876136Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.900426756Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.909024998Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.910863251Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.918280887Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.921016177Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.923882347Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.925741223Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.93560943Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.937946235Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:41.946690984Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:41.949850043Z 61 PC: 138a1 | Open file (See above)
2018-12-25T12:38:41.958539418Z 87 PC: 1399f | Get or set file date and time (See above)
2018-12-25T12:38:41.960334714Z 63 PC: 138cb | Read file or device (See above)
2018-12-25T12:38:41.967763585Z 66 PC: 139be | Move file pointer (See above)
2018-12-25T12:38:41.970496692Z 64 PC: 138ef | Write file or device (See above)
2018-12-25T12:38:41.973626113Z 66 PC: 139c7 | Move file pointer (See above)
2018-12-25T12:38:41.975457384Z 64 PC: 13902 | Write file or device (See above)
2018-12-25T12:38:41.986657054Z 87 PC: 139b5 | Get or set file date and time (See above)
2018-12-25T12:38:41.989233988Z 62 PC: 13909 | Close file (See above)
2018-12-25T12:38:42.011712602Z 79 PC: 1390d | Find next file (See above)
2018-12-25T12:38:42.015810787Z 59 PC: 13890 | Change current directory
2018-12-25T12:38:42.029193911Z 42 PC: 13918 | Get date
0x13918: cmp dh, 0xa
0x1391b: jne 0x13944
0x1391d: nop
0x1391e: nop
0x1391f: nop
0x13920: cmp dl, 0x12
0x13923: jne 0x13944
0x13925: nop
0x13926: nop
0x13927: nop
0x13928: mov ah, 9
0x1392a: lea dx, word ptr [bp + 0x43b]
0x1392e: int 0x21
0x13930: xor ax, ax
0x13932: int 0x16
0x13934: mov ah, 3
0x13936: mov al, 0xf
0x13938: mov ch, 0
0x1393a: mov cl, 1
0x1393c: mov dh, 0
2018-12-25T12:38:42.032947091Z 9 PC: 13930 | Display string (Could not find end pointer)